Block of specific packages
-
This post is deleted! -
@beckeribero Based on what is inside the packet? You could use Suricata or Snort and a custom rule but that is pretty advanced.
A rule blocking from an IP to any remote IP with a specific port is however simple.
-
The main problem is detecting that "specific packet". Do you mean specific payload content? If so, remember that nearly 100% of network traffic today is encrypted and only decrypted at the two endpoints of the conversation. Firewalls and intermediate devices can't see into the payload. They see only random encrypted bits.